diff options
| author | Gusted <williamzijl7@hotmail.com> | 2021-11-08 16:45:37 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-11-08 23:45:37 +0800 |
| commit | 640f0e1ddf7a5cae8a778e989046e7438067a56c (patch) | |
| tree | 8d7dd0f745455a9aab4328224f3e5d5755dea8f9 /models | |
| parent | ebaf4c48ea278955c5d79c5f37a2039ccb3cf775 (diff) | |
| download | gitea-640f0e1ddf7a5cae8a778e989046e7438067a56c.tar.gz gitea-640f0e1ddf7a5cae8a778e989046e7438067a56c.zip | |
Only allow returned deleted branche to be on repo (#17570)
- This will only allow `GetDeletedBranchByID` to return deletedBranch
which are on the repo, and thus don't return a deletedBranch from
another repo.
- This just should prevent possible bugs in the futher when a code is
passing the wrong ID into this function.
Diffstat (limited to 'models')
| -rw-r--r-- | models/branches.go | 2 | ||||
| -rw-r--r-- | models/branches_test.go | 25 |
2 files changed, 26 insertions, 1 deletions
diff --git a/models/branches.go b/models/branches.go index 3c62c7a87b..caca9e23fe 100644 --- a/models/branches.go +++ b/models/branches.go @@ -536,7 +536,7 @@ func (repo *Repository) GetDeletedBranches() ([]*DeletedBranch, error) { // GetDeletedBranchByID get a deleted branch by its ID func (repo *Repository) GetDeletedBranchByID(id int64) (*DeletedBranch, error) { deletedBranch := &DeletedBranch{} - has, err := db.GetEngine(db.DefaultContext).ID(id).Get(deletedBranch) + has, err := db.GetEngine(db.DefaultContext).Where("repo_id = ?", repo.ID).And("id = ?", id).Get(deletedBranch) if err != nil { return nil, err } diff --git a/models/branches_test.go b/models/branches_test.go index f1dcfecfa8..e9a32666f9 100644 --- a/models/branches_test.go +++ b/models/branches_test.go @@ -128,3 +128,28 @@ func TestRenameBranch(t *testing.T) { BranchName: "main", }) } + +func TestOnlyGetDeletedBranchOnCorrectRepo(t *testing.T) { + assert.NoError(t, db.PrepareTestDatabase()) + + // Get deletedBranch with ID of 1 on repo with ID 2. + // This should return a nil branch as this deleted branch + // is actually on repo with ID 1. + repo2 := db.AssertExistsAndLoadBean(t, &Repository{ID: 2}).(*Repository) + + deletedBranch, err := repo2.GetDeletedBranchByID(1) + + // Expect no error, and the returned branch is nil. + assert.NoError(t, err) + assert.Nil(t, deletedBranch) + + // Now get the deletedBranch with ID of 1 on repo with ID 1. + // This should return the deletedBranch. + repo1 := db.AssertExistsAndLoadBean(t, &Repository{ID: 1}).(*Repository) + + deletedBranch, err = repo1.GetDeletedBranchByID(1) + + // Expect no error, and the returned branch to be not nil. + assert.NoError(t, err) + assert.NotNil(t, deletedBranch) +} |